AMENDMENTS TO THE CLAI MS 



1. (Currently amended) A method for providing security in a computer system, 
comprising: 

selecting a set of properties for use in determining members of a clean group if an item is 
clean ; [[and]] 

evaluating an item to determine if it has the specified set of properties; [[, and]] 
sending an add request to a clean group server; and 

if the clean group server determines that the item does have has the specified set of 
properties, the clean group server designating [[it]] the item as a member of [[the]] a clean group. 

2. (Original) The method of Claim 1, wherein the items are computers. 

3. (Original) The method of Claim 2, wherein when a computer is to be evaluated, a 
clean component is installed on the computer to perform compliance checks. 

4. (Original) The method of Claim 1, wherein a compliance check is performed at a 
selected time for an item to determine if the item has the speci fied set of properti es. 

5. (Original) The method of Claim 1, wherein one of the specified set of properties 
is whether all of the available updates have been installed. 

6. (Original) The method of Claim 5, wherein the updates comprise at least one of 
security updates or service packs. 

7. (Original) The method of Claim 4, wherein if the compliance check fails, a 
message is sent to indicate that the object should not be in the clean group. 
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8. (Original) The method of Claim 7, wherein if the compliance check fails, the 
clean group membership of the item is invalidated. 

9. (Currently amended) The method of Claim 8, wherein the invalidation of the 
clean group membership comprises local actions which may include including at least one of 
hiding or erasin g the domain credentials of the item. 

10. (Currently amended) The method of Claim 7, wherein if the compliance check 
fails, additional steps [[may be]] are taken including at least one o f hiding cryptographic keys er 
l o gging out a privileged use r. 

11. (Original) The method of Claim 4, wherein if a compliance check passes, a 
message is sent to provide information that will be evaluated to determine if the item should be 
in the clean group. 

12. (Original) The method of Claim 11, wherein after a message is received and a 
determination is made that the item should be in the clean group, a countdown is started and if 
another message is not received by the end of the countdown, the item is removed from the clean 
group. 

13. (Original) The method of Claim 1 , wherein an item in the clean group performs a 
self check to determine if it still has the specified set of properties, and if it does not, takes action 
to have itself removed from the clean group. 

14. (Currently amended) The method of Claim 1, further comprising a clean group 
s erver, wherein the clean group server initiating initiates a status check to determine if the 
members in the clean group still have the specified properties. 
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15. (Currently amended) A system for managing security, comprising: 
a clean group server; 

an update component which includes updates for items; 

a clean runtime component, the clean runtime component being installed on an item and 
being able to communicate with the update component^,]] and the clean group server; 

the clean runtime component sending an add request to the clean group server; and 

the item becoming a member of if the clean group server determines that the item has a 
specified set of properties, the clean group server designates the item as a member of a clean 
group when selected criteria are met; and 

a clean group server . 

16. (Currently amended) The system of Claim 15, further comprising a domain 
controller which communicates with the clean group server with which the clean group server 
communicates to designate the item as a member of the clean group . 

17. (Original) The system of Claim 15, wherein the items comprise computers. 

1 8. (Original) The system of Claim 1 7, wherein compliance checks are performed for 
the items to determine if the items meet the selected criteria. 

19. (Original) The system of Claim 18, wherein one of the criteria is whether 
selected available updates have been installed. 

20. (Original) The system of Claim 19, wherein the updates comprise at least one of 
security updates or service packs. 
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21. (Original) The system of Claim 18, wherein if a compliance check fails, a 
message is sent from the clean runtime component to the clean group server to indicate that the 
item should not be in the clean group. 

22. (Original) The system of Claim 18, wherein if the compliance check passes, a 
message is sent from the clean runtime component to the clean group server to provide 
information that will be used to evaluate whether the item should be in the clean group. 

23. (Original) The system of Claim 22, wherein after a message is received to 
indicate that the item should be placed in the clean group, a countdown is started and if another 
message is not recei ved by the end of the countdown, the item is removed from the clean group. 

24. (Original) The system of Claim 15, wherein the clean runtime component 
performs a self-check of the item to determine if it meets the selected criteria for remaining in 
the clean group. 

25. (Original) The system of Claim 15, wherein the clean group server initiates a 
compliance check for items to determine if they should remain in the clean group. 

26. (Currently amended) One or more computer-readable media having 
computer-executable components for providing security in a computer system, the 
computer-executable components comprising: 

a runtime object which is installed for installation on a computer, the runtime object 
being - run on the computer to determine wherein the runtime object, when executed, determines 
if the computer is in compliance has a specified set of properties , and based on the results of the 
compliance check sends a message regarding whether the computer should be in a group sends 
an add request to a clean group server; and 
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instructions for installation on a clean group server for processing the add reque st, 
wherein the instructions, when executed, cause the clean group server to designate the computer 
as a member of a clean group, if the clean group server determines that the add request is valid . 

27. (Original) The media of Claim 26, wherein the compliance check is performed 
initially upon installation of the runtime object. 

28. (Original) The media of Claim 26, wherein the compliance check comprises a 
determination of whether selected available updates have been installed on the computer. 

29. (Original) The media of Claim 28, wherein the selected available updates 
comprise at least one of security updates or service packs. 

30. (Currently amended) The media of Claim 26, wherein after a message the add 
request is received to indicate that the computer should be placed in the group by the clean g roup 
server , a countdown is started and if another message is not received by the end of the 
countdown, the item computer is removed from as a member of the group. 

31. (Currently amended) The media of Claim 26, wherein the clean runtime object 
performs initiates a compliance check on the computer. 

32. (Currently amended) The media of Claim 26, wherein [[a]] the clean group server 
communicates with the runtime object to initiate a compliance check. 

33. (Currently amended) A method for providing security in a computer system, 
comprising: 

determining -if a computer is in compliance; and selecting a set of properties for use in 
determining if a computer is clean; 
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evaluating a computer to determine if it has the specified set of properties; 
sending an add request to a clean group server; and 

based on whether or not the clean group server determines that the computer is in 
compliance, the clean group server disabling or enabling the computer domain account. 

34. (Original) The method of Claim 33, wherein when a new computer is to be added 
to the domain account, the new computer's account is placed in a disabled state until the 
computer is proved to be in compliance. 

35. (Currently amended) The method of Claim 33, wherein when a new computer is 
to be added to the domain account, the domain join operation is predicated on proving that the 
computer is in compliance by requiring [[a]] the clean group server to participate in the domain 
join operations. 

36. (Currently amended) The method of Claim 33, wherein the compliance check 
evaluating a computer comprises determining whether available updates have been installed on 
the computer. 

37. (Original) The method of Claim 33, wherein the computer periodically performs 
compliance checks. 

38. (Currently amended) The method of Claim 33, wherein [[a]] the clean group 
server periodically initiates a compliance check on the computer. 

39. (Currently amended) A method for providing security in a computer system, 
comprising: 

performing compliance checks for items; 
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placing items which pass the compliance check into a clean group; and 
removing items from the clean group which fail the compliance check; 
wherein items within the clean group can access a collection of IPSec communication 

requirements and parameters that allow them to communicate with other items within the cle an 

group; and 

items not within the clean group cannot access the collection of TPSec communication 
requirements and parameters, and are thereby quarantined from receiving information from or 
sending information to items within the clean group . 

40. (Original) The method of Claim 39, wherein after an item passes a compliance 
check and is placed in the clean group, a countdown is started and if another compliance check is 
not passed by the end of the countdown, the item i s removed from the clean group. 

41 . (Original) The method of Claim 39, wherein the item is a computer. 

42. (Original) The method of Claim 39, wherein the item performs a compliance 

check. 

43. (Original) The method of Claim 39, wherein a clean group server initiates a 
compliance check on the item. 

44. (Original) The method of Claim 39, wherein the compliance check is performed 
by the item communicating with an update Web site to determine if updates are available for the 
item. 

45. (Original) The method of Claim 44, wherein the item communicates with a clean 
group server to establish its membership in the clean group. 
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46. (Original) The method of Claim 45, wherein the clean group server 
communicates with a domain controller. 

47. (Currently amended) The method of Claim 39, wherein a compliance check 
[[may be]] is initiated by one or more of a client coming online, changes in client 
status/configuration, changes in network status/configuration, or changes to a compliance policy. 

48. (Original) The method of Claim 39, wherein a clean group server communicates 
to non-compliant items how to get back into compliance. 

49. (Original) The method of Claim 48, wherein the non-compliant items are directed 
to a Web site with online instructions to the user, and once the instructions are followed, another 
server- assisted compliance check is initiated. 

50. (Original) The method of Claim 48, wherein the non-compliant items are 
instructed how to get into the compliant state automatically without requiring a user's 
involvement. 

51. (Currently amended) The method of Claim 39, wherein an item [[may be]] is a 
user, and a user's clean group membership is evaluated on the basis of whether the user's 
computer is in compliance. 

52. (Canceled) 

53. (Currently amended) The method of Claim [[52]] 39, wherein items within the 
clean group is utilized to provide enforcement of the computer security policy are Riven access to 
the collection of IPSec settings by binding active directory group policy to the clean group 
membership such that only members of the clean group can read the policy. 
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54-55. (Canceled) 

56. (Currently amended) The method of Claim [[55]] 39, wherein a client that 
changes state from membership in the clean group to non-membership is required to clear all 
policy settings distributed via the clean group. 

57-59. (Canceled) 

60. (New) The method of Claim 1, wherein if the clean group server determines that 
the item does not have the specified set of properties, the clean group server designating the item 
as a member of a dirty group. 

61 . (New) The system of Claim 15, wherein if the clean group server determines that 
the item does not have the specified set of properties, the clean group server designating the item 
as a member of a dirty group. 

62. (New) The method of Claim 8, wherein the invalidation of the clean group 
membership comprises local actions including at least erasing the domain credentials of the item. 

63. (New) The method of Claim 7, wherein if the compliance check fails, additional 
steps are taken including at least logging out a privileged user. 
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